Trump Hotels investigates credit card hack

Not only has the business tycoon and (now) Republican presidential candidate been dumped by Macy’s, Univision and NBC over his comments on Mexican immigrants, but he is now possibly having to deal with the aftermath of a hacker attack too.

Criminal hackers may have added to the headaches of The Donald, whose chain of luxury hotels have been hit by what appears to be a major credit card breach.

The news, was first reported by security blogger Brian Krebs yesterday, who says that he was contacted by sources at several banks, who had “traced a pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels”.

Krebs, of course, has something of a reputation for breaking news of data breaches – and appears to have a reliable network of sources working inside financial organisations, able to tip him off about investigations into suspicious activity involving payment cards.

Trump Hotels’s Eric Trump has since confirmed in a statement to CNBC that it is investigating:

“Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties. We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”

If Krebs’s information is accurate, the data breach could stretch back to at least February, and span several locations where The Trump Hotel Collection has properties, including Chicago, Honolulu, Las Vegas, Miami, Toronto, and New York – the latter of which is well-known to US TV viewers for its prominent appearances in TV show “The Apprentice”.

No doubt Donald Trump’s team are combing back through their logs, looking for any evidence that unauthorised parties may have gained access to their systems, and made off with payment card information.

If Trump Hotels have fallen victim to hackers they’re in good company.

Just last month, Tripwire’s David Bisson reported on MalumPos – a new strain of malware that scrapes RAM to steal credit card data that was believed to be targeting point-of-sale (PoS) terminals in the hospitality, food and beverage and retail industries.

The MalumPos malware specifically targets PoS systems running the Oracle® MICROS® payment system, which it is known that at least some Trump Hotels use.

If the breach is confirmed, is it possible that the hackers were motivated by Trump’s political aspirations or his recent controversial statements on social media?

Personally, I think that’s less likely than the (rather more dull) story that criminal hackers saw an opportunity to steal information, which could allow them to commit fraud.

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.